So as many of us already know, BE.NET attracts a lot of comment spam (a whole lot, I've been averaging nearly 40 a day). Lately I've been trying to find ways to manage that so that I don't have delete spam on a daily basis. I've tried
a few new things which I
blogged about and so far they seem to be working. I've forked my changes (thank you CP for switching to Hg, too bad it isn't Git though) and so if you guys want to pull some of them over you can
review the code.
I am also trying to make it harder for bots to search for my site by removing or changing certain phrases that are being used by spam bots to search for BE.NET sites and locate comment pages they include things like:
- "powered by blogengine"
- "Powered by BlogEngine.NET 18.104.22.168"
- "Will show your Gravatar" + "ups"
- "Notify me when new comments are added"
and several variations of those. It will probably take a couple more weeks before that has an effect on the search rank of my site though.
In order to retain a "powered by" link I created a little BE.NET icon instead. You can see this in my LucisFerre theme that I have committed to my fork or on
Which brings me to the second thing. I am donating my custom theme to the community. It is included on my fork under LucisFerre. It's just a simple theme that is based off the default theme. I only ask that you retain
the author line and link at the bottom, but I'm not enforcing that, so if you feel you
need to remove it for whatever reason, whatever. Ben please feel free to include it in the next release if you like it. I will be working on a new custom theme for my site (just so I can stay original ;-)).
So the question is, is it working? Well as far as I can tell (it has only been four days), smashingly. Since adding the spam trap over 4 days ago I have received about the same about of spam I was getting in a single day before and
not a single spam message has gotten through the spam filters *crosses fingers*. I will need to test it for at least another week or so, but the results are clear enough that I wanted to share it with the community and see if others want
to try it out so we have more data.
Obviously targeted spam bots will be able to be adapted to this, but spammer tend to be
lazy luddite technophobes trying to make monnies from home and my guess is most bots get woefully out of date. Though there is still more we can do to confuse them, so while this won't stop all spam it will significantly reduce the volume so
that the filters can do their jobs more effectively. There is a big difference between one to two messages getting through a week vs per day.
I may also try to write an OpenID authentication feature in the near future.